Cryptographic Services

Did you ever really consider that security is like a cake? Well, it is: It is best in layers. Just like your favorite cake, cryptography can be layered to help build a true defense in depth. Many types of cryptographic solutions can be applied, from the application layer all the way down to the data frame.

Secure Email

Standard email uses the Simple Mail Transfer Protocol (SMTP), port 25, to accept messages from clients; and Post Office Protocol (POP3) version 3 and port 110 to retrieve email from server-based inboxes. Sending an email is much like sending a postcard through the postal service: Anyone along the way can easily read the note you wrote to your mom while visiting Niagara Falls. Fortunately, several digital services enable you to seal the mail in an envelope.

Pretty Good Privacy (PGP)

PGP was developed in 1991 by Phil Zimmermann to provide privacy and authentication. Over time, it evolved into an open standard known as OpenPGP. PGP is unlike PKI, in that there is no CA. PGP builds a web of trust, which is developed as users sign and issue their own keys. Users must determine what level of trust they are willing to place in other parties. The goal of PGP was for it to become the "everyman's encryption." No longer would encryption be available only to companies and corporations. Popular programs such as Hushmail and Veridis are based on PGP.

Other Email Security Applications

Secure email solutions are important because email is one of the most widely used Internet applications. Several other applications are available to help secure email:

• Secure Multipurpose Internet Mail Extensions (S/MIME) S/MIME adds two valuable components to standard email: digital signatures and public key encryption. S/MIME supports X.509 digital certificates and RSA encryption.
• Privacy Enhanced Mail (PEM) PEM is an older standard that has not been widely implemented but that was a developed to provide authentication and confidentiality. PEM public key management is hierarchical. PEM uses MD2/MD5 and RSA for integrity and authentication.
• Message Security Protocol (MSP) MSP is the military's answer to PEM. Because it was developed by the NSA, it has not been opened to public scrutiny. It is part of the DoD's Defense Messaging System and provides authentication, integrity, and nonrepudiation.

Secure TCP/IP Protocols

Securing email is just one of the CISSP's goals. Other cryptographic solutions are available to increase security at all the layers of the TCP/IP stack. Because security wasn't one of the driving forces when the TCP/IP protocols were developed, these solutions can go a long way toward protecting the security of the organization.

Application-Layer Cryptographic Solutions

The following application-layer protocols can be used to add confidentiality, integrity, or nonrepudiation:

• Secure Shell (SSH) SSH is an Internet application that provides secure remote access. It is considered a replacement for FTP, Telnet, and the Berkley "r" utilities. SSH defaults to port 22. SSH version 1 has been found to contain vulnerabilities, so it is advisable to use SSH V2 or above.
• Secure Hypertext Transfer Protocol (S-HTTP) S-HTTP is a superset of HTTP that was developed to provide secure communication with a web server. S-HTTP is a connectionless protocol that is designed to send individual messages securely.
• Secure Electronic Transaction (SET) Visa and MasterCard wanted to alleviate fears of using credit cards over the Internet, so they developed SET. This specification uses a combination of digital certificates and digital signatures among the buyer, merchant, and the bank so that privacy and confidentiality are ensured.

Transport- and Internet-Layer Cryptographic Solutions

The transport and Internet layers of the TCP/IP stack can also be used to add cryptographic solutions to data communications. Some common examples follow:

• Secure Sockets Layer (SSL) SSL was developed by Netscape for transmitting private documents over the Internet. Unlike S-HTTP, SSL is application independent. SSL is its cryptographic independence. The protocol itself is merely a framework for communicating certificates, encrypted keys, and data.
• Transport Layer Security (TLS) TLS encrypts the communication between a host and a client. TLS consists of two layers, including the TLS Record Protocol and the TLS Handshake Protocol. Although it is not interoperable, it is protocol independent.

IPSec

Internet Protocol Security (IPSec) is an end-to-end security technology that allows two devices to communicate securely. IPSec was developed to address the shortcomings of IPv4. Although it is an add-on for IPv4, it is built into IPv6. IPSec can be used to encrypt just the data or the data and the header.

• Encapsulated secure payload (ESP) ESP provides confidentiality by encrypting the data packet. The encrypted data is hidden from prying eyes, so its confidentiality is ensured.
• Authentication header (AH) The AH provides integrity and authentication. The AH uses a hashing algorithm and symmetric key to calculate a message authentication code. This message-authentication code is known as the integrity check value (ICV). When the AH is received, an ICV value is calculated and checked against the received value to verify integrity.
• Security Association (SA) For AH and ESP to work, there must be some information exchanged to set up the secure session. This job is the responsibility of the SA. The SA is a one-way connection between the two parties. If both AH and ESP are used, a total of four connections are required. SAs use a symmetric key to encrypt communication. The Diffie-Hellman algorithm is used to generate this shared key.
• IPSec Internet Key Exchange (IKE) The SA must have a procedure to exchange key information between clients. The Internet Key Exchange (IKE) is the default standard for exchanging symmetric keys. IKE is considered a hybrid protocol because it combines the functions of two other protocols: the Internet Association and Key Management Protocol (ISAKMP) and the OAKLEY protocol.
  • The Internet Association and Key Management Protocol (ISAKMP) This subset of IKE sets up the framework of what can be negotiated during the handshake process. This could include items such as algorithms types and key sizes.
  • OAKLEY Protocol This portion of the IKE is responsible for carrying out the negotiations.

• Transport and tunnel modes AH and ESP can work in one of two modes: transport mode or tunnel mode. Transport mode encrypts the data that is sent between peers. Tunnel mode encapsulates the entire packet and adds a new IPv4 header. Tunnel mode is designed to be used by VPNs.

Lower-Layer Cryptographic Solutions

Physical-layer cryptographic solutions include these:

• Password Authentication Protocol (PAP) PAP is used for authentication but is not secure because the username and password are transmitted in clear text.
• Challenge Handshake Authentication Protocol (CHAP) CHAP is more secure than PAP because of the method used to validate the username and password. CHAP sends the client a random value that is used only once. Both the client and the server know the predefined secret password. The client uses the random value and the secret password, and calculates a one-way hash. The hash value is sent to the server. The server compares this value to one that it has calculated separately using the stored secret password and the same random value that was sent to the client. If the values match, the client is authenticated.
• Point-to-Point Tunneling Protocol (PPTP) PPTP was developed by a group of vendors. It consists of two components: the transport that maintains the virtual connection, and the encryption, which ensures confidentiality. It can operate at a 40-bit or 128-bit encryption setting. PPTP uses TCP port 1723.

Moving the Data

As the various protocols have shown, there are many ways to encrypt and secure data. One final decision that must be considered is how information is to be moved between clients. You could decide to choose a method that simply encrypts the data payload (end-to-end encryption), or one that encrypts everything (link state encryption), including the data and the header:

• End-to-end encryption encrypts the message and the data packet. Header information, IP addresses, and routing data are left in clear text. Although this means that an individual can intercept packets and learn the source and target destination, the data itself is secure. The advantage of this type of encryption is speed. No time or processing power is needed to decode address information. The disadvantage is that even with the data encrypted, an attacker might be able to make an inference attack.
• Link encryption encrypts all the data sent from a specific communication device. This includes the headers, addresses, and routing information. Its primary strength is that it provides added protection against sniffers and eavesdropping. Its disadvantage is that all intermediate devices must have the necessary keys, software, and algorithms to encrypt and decrypt the encrypted packets at each hop along the trip. This adds complexity, consumes time, and requires additional processing power.